status-go/server/pairing/common.go

package pairing

import (
	"fmt"
	"io/fs"
	"io/ioutil"
	"os"
	"path/filepath"
	"reflect"
	"regexp"
	"strings"

	"github.com/google/uuid"

	"github.com/status-im/status-go/params"
	"github.com/status-im/status-go/protocol/requests"

	"gopkg.in/go-playground/validator.v9"

	"github.com/status-im/status-go/account/generator"
	"github.com/status-im/status-go/api"
	"github.com/status-im/status-go/eth-node/keystore"
)

func newValidate() (*validator.Validate, error) {
	var validate = validator.New()
	var keyUIDPattern = regexp.MustCompile(`^0x[0-9a-fA-F]{64}$`)
	if err := validate.RegisterValidation("keyuid", func(fl validator.FieldLevel) bool {
		return keyUIDPattern.MatchString(fl.Field().String())
	}); err != nil {
		return nil, err
	}

	if err := validate.RegisterValidation("keystorepath", func(fl validator.FieldLevel) bool {
		keyUIDField := fl.Parent()
		if keyUIDField.Kind() == reflect.Ptr {
			keyUIDField = keyUIDField.Elem()
		}

		keyUID := keyUIDField.FieldByName("KeyUID").String()
		return strings.HasSuffix(fl.Field().String(), keyUID)
	}); err != nil {
		return nil, err
	}

	if err := validate.RegisterValidation("not_end_keyuid", func(fl validator.FieldLevel) bool {
		keystorePath := fl.Field().String()
		return len(keystorePath) <= 66 || !keyUIDPattern.MatchString(keystorePath[len(keystorePath)-66:])
	}); err != nil {
		return nil, err
	}
	return validate, nil
}

func validateKeys(keys map[string][]byte, password string) error {
	for _, key := range keys {
		k, err := keystore.DecryptKey(key, password)
		if err != nil {
			return err
		}

		err = generator.ValidateKeystoreExtendedKey(k)
		if err != nil {
			return err
		}
	}

	return nil
}

func loadKeys(keys map[string][]byte, keyStorePath string) error {
	fileWalker := func(path string, dirEntry fs.DirEntry, err error) error {
		if err != nil {
			return err
		}

		if dirEntry.IsDir() || filepath.Dir(path) != keyStorePath {
			return nil
		}

		rawKeyFile, err := ioutil.ReadFile(path)
		if err != nil {
			return fmt.Errorf("invalid account key file: %v", err)
		}

		keys[dirEntry.Name()] = rawKeyFile

		return nil
	}

	err := filepath.WalkDir(keyStorePath, fileWalker)
	if err != nil {
		return fmt.Errorf("cannot traverse key store folder: %v", err)
	}

	return nil
}

func validate(s interface{}) error {
	v, err := newValidate()
	if err != nil {
		return err
	}

	return v.Struct(s)
}

func validateAndVerifyPassword(s interface{}, senderConfig *SenderConfig) error {
	err := validate(s)
	if err != nil {
		return err
	}

	keys := make(map[string][]byte)
	err = loadKeys(keys, senderConfig.KeystorePath)
	if err != nil {
		return err
	}

	return validateKeys(keys, senderConfig.Password)
}

func validateAndVerifyNodeConfig(s interface{}, receiverConfig *ReceiverConfig) error {
	err := validate(s)
	if err != nil {
		return err
	}

	if receiverConfig.NodeConfig == nil {
		return fmt.Errorf("node config is required for receiver config")
	}

	if receiverConfig.NodeConfig.RootDataDir == "" {
		return fmt.Errorf("root data dir is required for node config")
	}

	return receiverConfig.NodeConfig.Validate()
}

func emptyDir(dir string) error {
	// Open the directory
	d, err := os.Open(dir)
	if err != nil {
		return err
	}
	defer d.Close()

	// Get all the directory entries
	entries, err := d.Readdir(-1)
	if err != nil {
		return err
	}

	// Remove all the files and directories
	for _, entry := range entries {
		name := entry.Name()
		if name == "." || name == ".." {
			continue
		}
		path := filepath.Join(dir, name)
		if entry.IsDir() {
			err = os.RemoveAll(path)
			if err != nil {
				return err
			}
		} else {
			err = os.Remove(path)
			if err != nil {
				return err
			}
		}
	}
	return nil
}

func validateReceivedKeystoreFiles(expectedKeys []string, keys map[string][]byte, password string) error {
	for _, searchKey := range expectedKeys {
		found := false
		for key := range keys {
			if strings.Contains(key, strings.ToLower(searchKey)) {
				found = true
				break
			}
		}
		if !found {
			return fmt.Errorf("one or more expected keystore files are not found among the sent files")
		}
	}

	return validateKeys(keys, password)
}

func validateKeystoreFilesConfig(backend *api.GethStatusBackend, conf interface{}) error {
	var (
		loggedInKeyUID string
		password       string
		numOfKeypairs  int
		keystorePath   string
	)

	switch c := conf.(type) {
	case *KeystoreFilesSenderServerConfig:
		loggedInKeyUID = c.SenderConfig.LoggedInKeyUID
		password = c.SenderConfig.Password
		numOfKeypairs = len(c.SenderConfig.KeypairsToExport)
		keystorePath = c.SenderConfig.KeystorePath
	case *KeystoreFilesReceiverClientConfig:
		loggedInKeyUID = c.ReceiverConfig.LoggedInKeyUID
		password = c.ReceiverConfig.Password
		numOfKeypairs = len(c.ReceiverConfig.KeypairsToImport)
		keystorePath = c.ReceiverConfig.KeystorePath
	default:
		return fmt.Errorf("unknown config type: %v", reflect.TypeOf(conf))
	}

	accountService := backend.StatusNode().AccountService()
	if accountService == nil {
		return fmt.Errorf("cannot resolve accounts service instance")
	}

	if !accountService.GetMessenger().HasPairedDevices() {
		return fmt.Errorf("there are no known paired devices")
	}

	selectedAccount, err := backend.GetActiveAccount()
	if err != nil {
		return err
	}

	if selectedAccount.KeyUID != loggedInKeyUID {
		return fmt.Errorf("configuration is not meant for the logged in account")
	}

	if selectedAccount.KeycardPairing == "" {
		if !accountService.VerifyPassword(password) {
			return fmt.Errorf("provided password is not correct")
		}
	}

	if numOfKeypairs == 0 {
		return fmt.Errorf("it should be at least a single keypair set a keystore files are transferred for")
	}

	if keystorePath == "" {
		return fmt.Errorf("keyStorePath can not be empty")
	}

	return nil
}

// setDefaultNodeConfig sets default values for the node configuration.
// Config Values still needed from the mobile include
// VerifyTransactionURL/VerifyENSURL/VerifyENSContractAddress/VerifyTransactionChainID
// LogEnabled/LogDir/RootDataDir/LightClient/Nameserver
func setDefaultNodeConfig(c *params.NodeConfig) error {
	if c == nil {
		return nil
	}

	err := c.UpdateWithDefaults()
	if err != nil {
		return err
	}

	// following specifiedXXX variables are used to check if frontend has specified the value
	// if not, the default value is set. NOTE: we also check 2 extra fields: WakuV2Config(LightClient|Nameserver)
	// see api.SetFleet for more details
	specifiedVerifyTransactionURL := c.ShhextConfig.VerifyTransactionURL
	specifiedVerifyENSURL := c.ShhextConfig.VerifyENSURL
	specifiedVerifyENSContractAddress := c.ShhextConfig.VerifyENSContractAddress
	specifiedVerifyTransactionChainID := c.ShhextConfig.VerifyTransactionChainID
	specifiedNetworkID := c.NetworkID
	specifiedNetworks := c.Networks
	specifiedUpstreamConfigURL := c.UpstreamConfig.URL
	specifiedLogEnabled := c.LogEnabled
	specifiedLogLevel := c.LogLevel
	specifiedFleet := c.ClusterConfig.Fleet
	specifiedInstallationID := c.ShhextConfig.InstallationID
	specifiedTorrentConfigEnabled := c.TorrentConfig.Enabled
	specifiedTorrentConfigPort := c.TorrentConfig.Port

	if len(specifiedNetworks) == 0 {
		c.Networks = api.BuildDefaultNetworks(&requests.WalletSecretsConfig{})
	}

	if specifiedNetworkID == 0 {
		c.NetworkID = c.Networks[0].ChainID
	}

	c.UpstreamConfig.Enabled = true
	if specifiedUpstreamConfigURL == "" {
		c.UpstreamConfig.URL = c.Networks[0].RPCURL
	}

	if specifiedLogEnabled && specifiedLogLevel == "" {
		c.LogLevel = api.DefaultLogLevel
	}
	c.LogFile = api.DefaultLogFile

	c.Name = api.DefaultNodeName
	c.DataDir = api.DefaultDataDir
	c.KeycardPairingDataFile = api.DefaultKeycardPairingDataFile
	c.Rendezvous = false
	c.NoDiscovery = true
	c.MaxPeers = api.DefaultMaxPeers
	c.MaxPendingPeers = api.DefaultMaxPendingPeers

	c.LocalNotificationsConfig = params.LocalNotificationsConfig{Enabled: true}
	c.BrowsersConfig = params.BrowsersConfig{Enabled: true}
	c.PermissionsConfig = params.PermissionsConfig{Enabled: true}
	c.MailserversConfig = params.MailserversConfig{Enabled: true}

	c.ListenAddr = api.DefaultListenAddr

	if specifiedFleet == "" {
		err = api.SetDefaultFleet(c)
		if err != nil {
			return err
		}
	}

	if specifiedInstallationID == "" {
		specifiedInstallationID = uuid.New().String()
	}

	c.ShhextConfig = params.ShhextConfig{
		BackupDisabledDataDir:      c.RootDataDir,
		InstallationID:             specifiedInstallationID,
		MaxMessageDeliveryAttempts: api.DefaultMaxMessageDeliveryAttempts,
		MailServerConfirmations:    true,
		DataSyncEnabled:            true,
		PFSEnabled:                 true,
		VerifyTransactionURL:       specifiedVerifyTransactionURL,
		VerifyENSURL:               specifiedVerifyENSURL,
		VerifyENSContractAddress:   specifiedVerifyENSContractAddress,
	}
	if specifiedVerifyTransactionChainID == 0 {
		c.ShhextConfig.VerifyTransactionChainID = int64(c.Networks[0].ChainID)
	}

	if specifiedVerifyTransactionURL == "" {
		c.ShhextConfig.VerifyTransactionURL = c.Networks[0].FallbackURL
	}
	if specifiedVerifyENSURL == "" {
		c.ShhextConfig.VerifyENSURL = c.Networks[0].FallbackURL
	}

	c.TorrentConfig = params.TorrentConfig{
		Enabled:    specifiedTorrentConfigEnabled,
		Port:       specifiedTorrentConfigPort,
		DataDir:    filepath.Join(c.RootDataDir, api.DefaultArchivesRelativePath),
		TorrentDir: filepath.Join(c.RootDataDir, api.DefaultTorrentTorrentsRelativePath),
	}

	return nil
}